Programmatically getting NTFS folder permissions

[kanepart2]

Hey , I need to make a function in C# that gets the permissions on a
folder and its sub folders. I wanted to list the users and the
permissions they have been granted on folders. I dont know if it is
conviniently possible. I am guessing that I'd probably have to use
directorysecurity.

Some help would be appreciated.

 

[Ignacio Machin \( .NET/ C# MVP \)]

Hi,

Hey , I need to make a function in C# that gets the permissions on a
folder and its sub folders. I wanted to list the users and the
permissions they have been granted on folders. I dont know if it is
conviniently possible. I am guessing that I'd probably have to use
directorysecurity.

Did you try DirectorySecurity?

The other way would be WMI I guess.

 

[kanepart2]

I tried using directorysecurity but i get undesired results. Maybe I'm
not using it right.

 

[Willy Denoyette [MVP]]

I tried using directorysecurity but i get undesired results. Maybe I'm
not using it right.

Mind to post your code and what you are expecting, getting the effective
access permissions is not a trivial task and may require administrative
privileges to get it right.

Willy.

 

[kanepart2]

This might work .. but I am having some problems with it

DirectoryInfo dInfo = new DirectoryInfo("C:/Temporary");
DirectorySecurity dSecurity = dInfo.GetAccessControl();

Console.WriteLine(dSecurity.GetAccessRules(true,true, Type
targetType******).ToString())

I dont know what the 3rd parameter marked ***** will be

I'm not even sure if this will work .. just one of the things I am
trying

 

[Willy Denoyette [MVP]]

This might work .. but I am having some problems with it

DirectoryInfo dInfo = new DirectoryInfo("C:/Temporary");
DirectorySecurity dSecurity = dInfo.GetAccessControl();

Console.WriteLine(dSecurity.GetAccessRules(true,true, Type
targetType******).ToString())

I dont know what the 3rd parameter marked ***** will be

I'm not even sure if this will work .. just one of the things I am
trying

Here is something to get you started,

.....
DirectoryInfo dInfo = new DirectoryInfo("c:\\Temporary");
DirectorySecurity dSecurity = dInfo.GetAccessControl();
foreach(FileSystemAccessRule rule in
dSecurity.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine("Rule {0} {1} access to {2}",
rule.AccessControlType == AccessControlType.Allow ?
"grants" : "denies",
rule.FileSystemRights,
rule.IdentityReference.ToString());
}
....
but as I said before it's not that easy as it looks like to get the
effective permissions for a specific user.
I would suggest you to get a good understanding of file object security
before you start manipulating FS security .

Willy.

 

[kanepart2]

Will do! Thanks for your help.

Here is something to get you started,

....
DirectoryInfo dInfo = new DirectoryInfo("c:\\Temporary");
DirectorySecurity dSecurity = dInfo.GetAccessControl();
foreach(FileSystemAccessRule rule in
dSecurity.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine("Rule {0} {1} access to {2}",
rule.AccessControlType == AccessControlType.Allow ?
"grants" : "denies",
rule.FileSystemRights,
rule.IdentityReference.ToString());
}
...
but as I said before it's not that easy as it looks like to get the
effective permissions for a specific user.
I would suggest you to get a good understanding of file object security
before you start manipulating FS security .

Willy.

 

[kanepart2]

I have implemented this for users, what if I need to do the same for
local groups?